email with token & confirmation works

2024-02-27 15:21:54 +01:00
parent f4f16d621d
commit fd4ba6ae31
11 changed files with 210 additions and 27 deletions
--- a/src/configuration.rs
+++ b/src/configuration.rs
@ -15,6 +15,7 @@ pub struct Settings {
 pub struct ApplicationSettings {
 	pub port: u16,
 	pub host: String,
+	pub base_url: String,
 }

 #[derive(serde::Deserialize,Clone)]
--- a/src/routes/mod.rs
+++ b/src/routes/mod.rs
@ -1,5 +1,7 @@
 mod health_check;
 mod subscriptions;
+mod subscriptions_confirm;

 pub use health_check::*;
 pub use subscriptions::*;
+pub use subscriptions_confirm::*;
--- a/src/routes/subscriptions.rs
+++ b/src/routes/subscriptions.rs
@ -1,4 +1,5 @@
 use actix_web::{web, HttpResponse};
+use rand::{distributions::Alphanumeric, thread_rng, Rng};
 use serde::Deserialize;
 use chrono::Utc;
 use uuid::Uuid;
@ -7,7 +8,7 @@ use lettre::{
    address::AddressError, message::{header::ContentType, Mailbox}, transport::smtp::authentication::Credentials, Message, SmtpTransport, Transport
 };

-use crate::{domain::{NewSubscriber, SubscriberEmail, SubscriberName}, email_client::EmailClient};
+use crate::{domain::{NewSubscriber, SubscriberEmail, SubscriberName}, email_client::EmailClient, startup::ApplicationBaseUrl};

 #[derive(Deserialize)]
 pub struct FormData {
@ -17,7 +18,7 @@ pub struct FormData {

 #[tracing::instrument(
 	name = "Adding a new subscriber",
-	skip(form, connection_pool, email_client),
+	skip(form, connection_pool, email_client, base_url),
 	fields(
 		subscriber_email = %form.email,
 		subscriber_name = %form.name
@ -27,16 +28,21 @@ pub async fn subscribe(
 	form: web::Form<FormData>,
 	connection_pool: web::Data<Pool<Postgres>>,
 	email_client: web::Data<EmailClient>,
+	base_url: web::Data<ApplicationBaseUrl>,
 ) -> HttpResponse {
 	let new_subscriber = match form.0.try_into() {
 		Ok(subscriber) => subscriber,
 		Err(_) => return HttpResponse::BadRequest().finish(),
 	};
-	match insert_subscriber(&new_subscriber, &connection_pool).await {
-		Ok(_) => (),
+	let subscriber_id = match insert_subscriber(&new_subscriber, &connection_pool).await {
+		Ok(subscriber_id) => subscriber_id,
 		Err(_) => return HttpResponse::InternalServerError().finish(),
+	};
+	let subscription_token = generate_confirmation_token();
+	if store_token(&connection_pool, &subscriber_id, &subscription_token).await.is_err() {
+		return HttpResponse::InternalServerError().finish();
 	}
-	if send_confirmation_email(&email_client, new_subscriber).await.is_err() {
+	if send_confirmation_email(&email_client, new_subscriber, &base_url.0, &subscription_token).await.is_err() {
 		return HttpResponse::InternalServerError().finish();
 	}
 	HttpResponse::Ok().finish()
@ -44,13 +50,15 @@ pub async fn subscribe(

 #[tracing::instrument(
 	name = "Send a confirmation email to the new subscriber",
-	skip(email_client, new_subscriber)
+	skip(email_client, new_subscriber, base_url)
 )]
 pub async fn send_confirmation_email(
 	email_client: &EmailClient,
 	new_subscriber: NewSubscriber,
+	base_url: &str,
+	subscription_token: &str,
 ) -> Result<(), reqwest::Error> {
-	let confirmation_link = "https://my-api.com/subscriptions/confirm";
+	let confirmation_link = format!("{}/subscriptions/confirm?subscription_token={}", base_url, subscription_token);
 	let plain_body = &format!(
 		"Welcome to our newsletter!\n\
 		Visit {} to confirm your subscription.",
@ -133,13 +141,14 @@ impl TryFrom<FormData> for NewSubscriber {
 	name = "Saving new subscriber details in the database",
 	skip(new_subscriber, connection_pool)
 )]
-async fn insert_subscriber(new_subscriber: &NewSubscriber, connection_pool: &Pool<Postgres>) -> Result<(), sqlx::Error> {
+async fn insert_subscriber(new_subscriber: &NewSubscriber, connection_pool: &Pool<Postgres>) -> Result<Uuid, sqlx::Error> {
+	let subscriber_id = Uuid::new_v4();
 	query!(
 		r#"
 		INSERT INTO subscriptions (id, email, name, subscribed_at, status)
 		VALUES ($1, $2, $3, $4, 'pending_confirmation')
 		"#,
-		Uuid::new_v4(),
+		subscriber_id,
 		new_subscriber.email.as_ref(),
 		new_subscriber.name.as_ref(),
 		Utc::now()
@ -150,5 +159,35 @@ async fn insert_subscriber(new_subscriber: &NewSubscriber, connection_pool: &Poo
 		tracing::error!("Failed to execute query: {:?}", e);
 		e
 	})?;
+	Ok(subscriber_id)
+}
+
+#[tracing::instrument(
+	name = "Storing subscription token in the database",
+	skip(connection_pool, subscriber_id, subscription_token)
+)]
+async fn store_token(connection_pool: &Pool<Postgres>, subscriber_id: &Uuid, subscription_token: &str) -> Result<(), sqlx::Error> {
+	query!(
+		r#"
+		INSERT INTO subscription_tokens (subscription_token, subscriber_id)
+		VALUES ($1, $2)
+		"#,
+		subscription_token,
+		subscriber_id
+	)
+	.execute(connection_pool)
+	.await
+	.map_err(|e| {
+		tracing::error!("Failed to execute query: {:?}", e);
+		e
+	})?;
 	Ok(())
 }
+
+fn generate_confirmation_token() -> String {
+	let mut rng = thread_rng();
+	std::iter::repeat_with(|| rng.sample(Alphanumeric))
+		.map(char::from)
+		.take(25)
+		.collect()
+}
--- a/src/routes/subscriptions_confirm.rs
+++ b/src/routes/subscriptions_confirm.rs
@ -0,0 +1,73 @@
+use actix_web::{web, HttpResponse};
+use sqlx::{pool::Pool, Postgres};
+use uuid::Uuid;
+
+#[derive(serde::Deserialize)]
+pub struct Parameters {
+	pub subscription_token: String,
+}
+
+#[tracing::instrument(
+	name = "Confirm a pending subscriber",
+	skip(parameters),
+)]
+pub async fn confirm(
+	parameters: web::Query<Parameters>,
+	pool: web::Data<Pool<Postgres>>,
+) -> HttpResponse {
+	let id = match get_subscriber_id_from_token(&pool, &parameters.subscription_token).await {
+		Ok(id) => id,
+		Err(_) => return HttpResponse::BadRequest().finish(),
+	};
+	match id {
+		None => HttpResponse::Unauthorized().finish(),
+		Some(subscriber_id) => {
+			if confirm_subscriber(&pool, subscriber_id).await.is_err() {
+				return HttpResponse::InternalServerError().finish();
+			}
+			HttpResponse::Ok().finish()
+		}
+	}
+}
+
+#[tracing::instrument(
+	name = "Mark a subscriber as confirmed in the database",
+	skip(pool, subscriber_id),
+)]
+pub async fn confirm_subscriber(
+	pool: &Pool<Postgres>,
+	subscriber_id: Uuid,
+) -> Result<(), sqlx::Error> {
+	sqlx::query!(
+		"UPDATE subscriptions SET status = 'confirmed' WHERE id = $1",
+		subscriber_id
+	)
+	.execute(pool)
+	.await
+	.map_err(|e| {
+		tracing::error!("Failed to execute query: {:?}", e);
+		e
+	})?;
+	Ok(())
+}
+
+#[tracing::instrument(
+	name = "Retrieve subscriber ID by token from the database",
+	skip(pool, subscription_token),
+)]
+pub async fn get_subscriber_id_from_token(
+	pool: &Pool<Postgres>,
+	subscription_token: &str,
+) -> Result<Option<Uuid>, sqlx::Error> {
+	let result = sqlx::query!(
+		"SELECT subscriber_id FROM subscription_tokens WHERE subscription_token = $1",
+		subscription_token
+	)
+	.fetch_optional(pool)
+	.await
+	.map_err(|e| {
+		tracing::error!("Failed to execute query: {:?}", e);
+		e
+	})?;
+	Ok(result.map(|r| r.subscriber_id))
+}
--- a/src/startup.rs
+++ b/src/startup.rs
@ -5,22 +5,26 @@ use tracing_actix_web::TracingLogger;
 use std::net::TcpListener;

 use crate::email_client::EmailClient;
-use crate::routes::{health_check, subscribe};
+use crate::routes::{confirm, health_check, subscribe};

 pub fn run(
 	listener: TcpListener,
 	connection_pool: Pool<Postgres>,
 	email_client: EmailClient,
+	base_url: String,
 ) -> Result<Server, std::io::Error> {
 	let connection_pool = web::Data::new(connection_pool);
 	let email_client = web::Data::new(email_client);
+	let base_url = web::Data::new(ApplicationBaseUrl(base_url));
    let server = HttpServer::new(move || {
        App::new()
            .wrap(TracingLogger::default())
            .route("/health_check", web::get().to(health_check))
            .route("/subscriptions", web::post().to(subscribe))
+            .route("/subscriptions/confirm", web::get().to(confirm))
            .app_data(connection_pool.clone())
            .app_data(email_client.clone())
+            .app_data(base_url.clone())
    })
    .listen(listener)?
    .run();
@ -50,7 +54,7 @@ impl Application {
 	
 		let listener = TcpListener::bind(format!("{}:{}", config.application.host, config.application.port))?;
 		let port = listener.local_addr().unwrap().port();
-		let server = run(listener, connection_pool, email_client)?;
+		let server = run(listener, connection_pool, email_client, config.application.base_url)?;
 		Ok(Self { port, server })
 	}

@ -63,7 +67,7 @@ impl Application {
 	}
 }

-
+pub struct ApplicationBaseUrl(pub String);

 pub fn get_connection_pool(config: crate::configuration::DatabaseSettings) -> Pool<Postgres> {
 	Pool::connect_lazy_with(config.with_db())